Collection remains permanently inactive due to the absence of a status update mechanism
Root + Impact
Description
-
Each
MemorabiliaCollectionstruct contains aisActivefield indicating whether redemption is currently enabled for this collection. -
By observeing the contract code (e.g., see where does keyword
isActiveappear), we can find that while this field is set during creation, the current implementation lacks a mechanism to update it once initialized.
Risk
Likelihood:
Once a collection is created and initialized as inactive, it becomes irredeemable and effectively dead
Impact:
User Confusion and Trust Erosion: Users may perceive the system as unreliable if seemingly valid collections are non-functional, damaging platform trust
Proof of Concept
Simply run the existing test test_RedeemMemorabilia_CollectionNotActive()
Recommended Mitigation
-
Add a function only callable by organizer to set collection's status, for example:
fucntion activateCollection(uint256 collectionId, bool isactive) external onlyOrganizer {require(collections[collectionId].priceInBeat > 0, "Collection does not exist");collections[collectionId].isActive = isactive;} -
Introduce a time-based mechanism that automatically updated the collection’s status based on its configured activation timestamp.
Lead Judging Commences
createMemorabiliaCollection with isActive false for later usage - flow not properly implemented.
Low because an organizer can use it with active = true and organizer is trusted.
Rewards breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.